smokeloader

General

Target

43c498cf3e4f835f38cec7a475bc5e2c.bin
Size

378KB
Sample

240408-bmk3zscc8x
MD5

b3873f8416ade64f05d825a83013ca09
SHA1

16fba97c03e6d6342c983679f30cf2f5d6d716a5
SHA256

92f03cb717d62d79296e0b3b0802bcb73fabb9c02f412e8a6b0d7bf69dcaf118
SHA512

314e5576635756373fe2cde93d778401bbaa1a54c7a33b1edd78a0a69309b8b2801be28e689f4aeffe0337c60b646968dd31358159691a83dcfe48ebf71a6b0a
SSDEEP

6144:qOXlmvv/3EATgRr2wOd5g+6ew6bOAjCNYl+dsTUT6twmwgpuGeX1s+nH96de5XyY:qOVmvvv7cRa3dsew6Ks5FTelFLX1s+HZ

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://sunvi.org/tmp/index.php

http://zarya-amura.ru/tmp/index.php

http://akros.in.net/tmp/index.php

rc4.i32

Targets

- Target
  
  debeea64857d020a5626850ad7f0b850b08dda331336e5e79004ec1d0fcc3a60.exe
- Size
  
  1.1MB
- MD5
  
  43c498cf3e4f835f38cec7a475bc5e2c
- SHA1
  
  a810481973afefc920845d7f937b51201a09c58b
- SHA256
  
  debeea64857d020a5626850ad7f0b850b08dda331336e5e79004ec1d0fcc3a60
- SHA512
  
  cc7300050dfa3613aba9e74ed6373018a1011d3f8bf5ee65e9152b13ac2e9b7f577c56490b8c58f5506dcf11e025ae3695a639e3abeec3829033f21925e644f2
- SSDEEP
  
  12288:EqMVbxllIU0til6szxaeaQlqPFXA4yKRahvbAi+a7B0nC7elWSohmL/fRzrM2u8U:EFlpmNQlULyKRahvbAiv9JzmLhzrnq7
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2